<?php

$file404 = "images/upload404.gif";
$file403 = "images/upload403.gif";

// 1. check existence
if ($_GET["global"]) $page_id=0;
else $page_id=$this->page["id"];

$what = $this->LoadAll( "select user, id, filename, filesize, description from ".$this->config["table_prefix"]."upload where ".
	"page_id = '".quote($page_id)."' and filename='".quote($_GET["get"])."'");

if (sizeof($what) > 0) {
	// 2. check rights
	if ($this->IsAdmin() || ($desc["id"] && ($this->GetPageOwner($this->tag) == $this->GetUserName())) ||
		($this->HasAccess("read")) || ($desc["user"] == $this->GetUserName()) ) {
	$filepath = $this->config["upload_path".($page_id?"_per_page":"")]."/".
	($page_id?("@".str_replace("/","@",$this->supertag)."@"):"").
	$what[0]["filename"];
		}
		else $error=403;

} else $error=404;

// 3. passthru
$ext_array =explode(".", $filepath?$filepath:$_GET["get"]);
$extension = strtolower($ext_array[count($ext_array)-1]);

if (($extension == "gif") || ($extension == "jpg") || ($extension == "png")) {
	$isimage = true;
	header("Content-Type: image/jpeg");
	if ($error) {
		$filepath = "images/upload".$error.".gif";
		// header("HTTP/1.0 404 Not Found");
	}
}

if ($filepath) {
	if (!$isimage) {
		header("Cache-control: private");
		header("Content-Type: application/download");
		header("Content-Disposition: attachment; filename=".$what[0]["filename"]);
	}
	$f = @fopen( $filepath, "rb" );
	@fpassthru ($f);
} else if ($error==404) {
	if (function_exists("virtual")) header("HTTP/1.0 404 Not Found");
	print($this->GetResourceValue("UploadFileNotFound"));
} else {
	if (function_exists("virtual")) header("HTTP/1.0 403 Forbidden");
	print($this->GetResourceValue("UploadFileForbidden"));
}

// 4. die
die();

?>